SecuriTricks - CVE-2025-11990

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses.

Product(s) Impacted

Vendor	Product	Versions
Gitlab	Gitlab	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-177

Improper Handling of URL Encoding (Hex Encoding)

The product does not properly handle when all or part of an input has been URL encoded.

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	gitlab	gitlab	/	/	/	/	enterprise	/	/	/
a	gitlab	gitlab	/	/	/	/	enterprise	/	/	/

References

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

https://gitlab.com/gitlab-org/gitlab/-/issues/577850

https://hackerone.com/reports/3257843

CVSS Score

3.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: Nov. 15, 2025, 8:15 a.m.
Last Modified: Nov. 19, 2025, 5:55 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

cve@gitlab.com

CVE-2025-11990